[Mimedefang] umask, mimedefang, clamd and spamassassin

Steve Hanselman steveh at brendata.co.uk
Tue Feb 3 05:11:44 EST 2015 

Ok, spamassassin is 3.4 and mimedefang is 2.73 although having checked
the diff's there's nothing relevant to this between 2.73 and 2.75
(trying to use Ubuntu repos, not sure why they haven't packaged 2.75
yet)

Here are the relevant lines from an strace from the multiplexor

root at prodmail18:~# grep -n umask t.mux
82:4033  umask(077)                        = 022
179:4033  umask(07)                         = 077
184:4033  umask(027)                        = 07
9070:4033  umask(01777777777777777777077)    = 027
9096:4033  umask(01777777777777777777177)    = 077
9102:4033  umask(077)                        = 0177
root at prodmail18:~# grep -n Work t.mux
11405:4040  mkdir("Work", 0750)               = 0
11534:4040  stat("Work/msg-4040-1.txt", 0x11be070) = -1 ENOENT (No such
file or directory)
11535:4040  open("Work/msg-4040-1.txt", O_WRONLY|O_CREAT|O_TRUNC, 0666)
= 5
11611:4040  open("Work/INPUTMBOX", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
root at prodmail18:~#

umask isn't touched after line 9102 and the files are created from line
11405 onwards

Looking at the strace around 9102, this is in the auto-whitelist
functionality of spamassassin

I'm guessing that there is an exit path that doesn't reset the umask.

I think the fix is probably to assume that umask is tainted and to reset
after all spamassassin calls.

Regards
Steve


-----Original Message-----
From: mimedefang-bounces at lists.roaringpenguin.com
[mailto:mimedefang-bounces at lists.roaringpenguin.com] On Behalf Of David
F. Skoll
Sent: 02 February 2015 15:43
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] umask, mimedefang, clamd and spamassassin

On Mon, 2 Feb 2015 14:13:31 -0000
"Steve Hanselman" <steveh at brendata.co.uk> wrote:

> I've just run strace over a session and it would appear that 
> spamassassin modifies the umask, which probably explains the issue (it

> also depends which tests you have enabled in spamassassin if you grep 
> the tree).

What version of SpamAssassin?  I'm still on 3.3.x and it seems to me
that all the calls to umask are careful to restore the original umask
afterwards.

> I'll check the entire details later but I think that mimedefang needs 
> to reset the umask after it has called spamassassin, this is the 
> likely cause for a number of the lstat errors with clamd.

OK; I can look at doing that.

Regards,

David.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

More information about the MIMEDefang mailing list